DESCRIPTION 

I. Title of the Invention 

DATA PROTECTION METHOD 

5 2. CLAIMS 

(1) A data protection method used in a system where encrypted data 
is decrypted and used by a data-use apparatus, characterized in 
that the data-use apparatus is provided with: 

decryption means that has a function of decrypting a single 
10 piece or some pieces of data encrypted in a plurality of ways when 
the data is encrypted in the plurality of ways using a plurality 
of encryption methods and supplied; and 

cipher system description means that identifies the single 
piece or some pieces of the supplied data, i.e., identifies part 
15 of the encrypted data which is decryptable by the decryption means. 

(2) The data protection method according to claim 1, 
characterized in that the plurality of encryption methods use the 
same encryption algorithm but different encryption keys. 

20 

(3) The data protection - method according to claim 1 or 2, 
characterized in that the data-use apparatus is provided with a 
plurality of the decryption means. 

25 (4) A data protection method used in a system where encrypted data 
is decrypted and used by a data-use apparatus, characterized in 
that the system is provided with: 
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decryption means that has a function of, when data encrypted 
in any desired encryption method and data decryption means 
information, which describes means for decrypting the encrypted 
data and includes pieces encrypted in a plurality of ways using 
5 a plurality of encryption methods, are supplied, decrypting a single 
piece or some pieces of the data decryption means information 
encrypted in the plurality of ways; and 

cipher system description means that identifies information 
part, which is decryptable by the decryption means, of the data 
10 decryption means information being encrypted in the plurality of 
ways . 

(5) The data protection method according to claim 4, 
characterized in that the plurality of encryption methods use the 

15 same encryption algorithm but different encryption keys. 

(6) The data protection method according to claim 4 or 5, 
characterized in that the data-use apparatus is provided with a 
plurality of the decryption means. 

20 
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3. Detailed Description of the Invention 
[Outline] 

The present invention relates to a system which delivers 
encrypted data and allows only a user confirmed as a verified user 
5 to use the data by decrypting the encrypted data. The present 
invention provides means for avoiding risk involved in a case where 
secret in the decryption method is shared by multiple manufacturers 
or multiple groups within a company which produce decoders . 

10 [Field of the Industrial Application] 

The present invention relates to a protection method for 
software such as computer programs and videos and for data including 
deposit balances or the like in a bank. 
[Background Art] 

15 In recent years, various paid programs have been on sale along 

with the development in a data processing system. However, the 
protection used in the system is not completely secure, and the 
unauthorized use of programs is increasing. 

The same applies to video tapes or data including various 

20 kinds of information. 

In a case where mass copies of data are made and used in 
multiple apparatuses as described above, an effective way for 
preventing the unauthorized use is to allow data to be used only 
in apparatuses specified by a data supplier. 

25 The basic method for achieving the above way is illustrated 

in FIG. 6. In a case where data a is provided to data-use apparatuses 
® to ®, the data a is encrypted using unique keys Ki to K n different 
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for the respective data-use apparatuses. Accordingly, n pieces of 
encrypted data ® to ® are created and then delivered to the data-use 
apparatuses, respectively. Each of the data-use apparatuses 
exclusively decrypts the supplied data by using the corresponding 
5 unique decryption key. 

However, with this method, the number of pieces of encrypted 
data in need of preparation is the same as the number of the data-use 
apparatuses regardless of the fact that data embodiments have the 
same content. Therefore, this method is not suitable for mass 
10 duplication and mass supply. 

[Prior Art] 

In the field of computing, a method involving a public-key 
cryptosystem is proposed as means for protecting supplied computer 

15 programs from the unauthorized duplication and use. With this 
method, a decoder including a decryption key is embedded in a 
computer. An encryption key corresponding to the decryption key 
is publicly disclosed to program manufacturers. The program 
manufacturers encrypt their programs using the encryption key and 

20 then distribute the encrypted programs. Each program is decrypted 
and executed by the decoder in the computer while the decrypted 
original program is never leaked to the outside from the computer. 

Even though the encryption key is publicly disclosed with the 
public-key cryptosystem, it is virtually impossible to guess the 

25 decryption key corresponding thereto. Accordingly, unless the 
decryption key enclosed in the decoder is leaked to the outside, 
no one but the manufacturer can know the contents of the program. 
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Therefore, it is vital to secure the secret of the decryption 
key in using the method. 
[Reference Documents ] 

1. A. Lempel "Cryptology in Transition" ACM Computing Surveys, Vol. 
5 11. No. 4, pp. 285 - 304 

2. M.E. Hellman, translated by Shin Hitotsumatsu, "New 
Cryptosystem" Nikkei Inc., Science Vol. 19, No. 10, pp. 100 - 112 

[Problems to be Solved by the Invention] 

A method has been proposed in order to prevent the leakage 
of the decryption key. With the method, a pair of decryption key 
and encryption key are automatically generated by a manufacturing 
apparatus for manufacturing a decoder. Only the encryption key is 
taken outside as it is while the decryption key is written into 
the decoder directly by the apparatus, so that the decryption key, 
as it is, is not exposed to anyone. However, there is a problem 
that the secrecy with this method is effective only on condition 
that there is only a single manufacturing apparatus. Thus, this 
method is not applicable in a case where decoders are produced by 
multiple manufacturers. Even if there is only a single 
manufacturer, this method is not applicable in a case where the 
manufacture uses multiple manufacturing apparatuses. 

[Means for Solving the Problems] 
25 An object of the present invention is to overcome the problems 

in the secrecy of the decryption key described above. What needs 
to be performed by each company in a case where decoders are 
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manufactured by multiple companies or by each manufacturing 
apparatus within a single company is to keep the secret of a key 
to be enclosed independently in the decoders manufactured by the 
company or the manufacturing apparatus itself. 

5 

j The purpose of the present invention would be achieved by 

means as follows: 

1. A part or the whole of data, or a part or the whole of information 
regarding decode means for an encrypted data would be encrypted 

10 in plural way by plural encryption keys or plural encryption 
methods . 

2. A decoder will select one unit among these encrypted data or 
information that would be appropriate for the decryption key or 
the decoder thereof. 

15 3. It would be possible to use the encrypted data just by decoding 
the part of them. 

The configuration of the present invention is characterized 
in that a decoder, including decryption means, further includes 
means for identifying which encrypted part of data corresponds to 
20 a decryption key or the decryption means of the decoder. 

FIG. 1 is a diagram illustrating a basic configuration of the 
present invention . 

FIG. (A) illustrates a configuration of encrypted data in a 
method where contents of data are encrypted in multiple ways using 
25 multiple encryption methods, each encrypted data is set as an 
encrypted block, and then the encrypted blocks are put together 
and delivered as a line encrypted block. In the example illustrated, 
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data a is encrypted in n ways, and a line encrypted block including 
n encrypted blocks is delivered to data-use apparatuses. 

FIG. (B) illustrates a configuration of encrypted data in a 
method where contents of data are encrypted using a single 
5 encryption method. The decryption key thereof is encrypted into 
an encrypted block in multiple ways using multiple encryption 
methods, and the encrypted blocks are delivered with the encrypted 
data. In the example illustrated, data, formed of a line encrypted 
block including n encrypted blocks obtained by encrypting the 

10 decryption key in n ways and a single encrypted block obtained by 
encrypting data a, is delivered to the data-use apparatuses. 

FIG. (C) illustrates a configuration of each data-use 
apparatus: 1 denotes encrypted data; 2 denotes a decoder; 3 denotes 
cipher system description means; and 4 denotes decryption means. 

15 The encrypted data 1 has a configuration of encryption data 

as illustrated in FIG. (A) or FIG. (B) . 

The decoder 2 includes unique cipher system description means 
3 and decryption means 4 as a characteristic configuration according 
to the present invention. 

20 The cipher system description means 3 identifies and acquires 

the encrypted block that can be decrypted by its decoder from the 
line encrypted block in the encrypted data 1. The position of the 
encrypted block in the line encrypted block is previously determined 
by order in the array or specified by an index. Alternatively, the 

25 cipher system description means 3 may identify the corresponding 
block by trying decryption on all encrypted blocks in turn and 
determining whether the encrypted blocks are successfully decrypted 
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or not. The encrypted block acquired from the line encrypted block 
in the encrypted data 1 is the encrypted data a in case of FIG. 

(A) and is the encrypted decryption key in case of FIG. (B) . 

The decryption means 4 performs decryption by applying the 
5 decryption key that is unique to the means to the acquired encrypted 
block. In case of FIG. (A), the outcome of decryption is the data 
a, and the decryption is completed at this moment. In case of FIG. 

(B) , the outcome of decryption is the decryption key for decrypting 
the encrypted data a, and the decryption is completed after the 

10 decryption means 4 acquires the data a using the decryption key. 

[Function] 

An example of software is described with reference to a 
schematic diagram illustrated in FIG. 2. 
15 After developing software (which are represented by marks " 

□ ", "A", or "O" in the Figure), software benders provide their 
products in which at least a part of software has been encrypted 
in the way of Fig.l (A) or Fig.l (B) . 

Users obtain encrypted software from a distribution channel. A 
20 user can copy the software freely, and he can store the software 
on a certain place of a file system or a network. 

However, the software is not available, nor executable unless 
decryption. Permitted user's computers have decoders comprising 
Cipher System Description Means 3 and Decryption Means 4. Only 
25 software that has been decrypted by the decoder would be executed. 

[Embodiment] 
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Figure 3 shows an embodiment of the system according to the 
present invention. In the Figure 3, "1" is an encrypted data provided 
to the system, lal-lan are encrypted blocks encrypted by different 
encryption methods respectively, lb is an index table (INDEX) that 
5 points each head address of the encrypted blocks. 2i and 2j are 
decoders, which may be produced by different companies. 3i and 3j 
are Cipher System Description Means, which are inside of 2i and 
2j respectively. 4i and 4j are Decryption Means. 

When encrypted data 1 is entered in decoder 2i, Cipher System 
10 Identification Means 3i reads the index table (INDEX) lb and 
determines two matters, 1) among lal-lan, which is the encrypted 
block corresponding to Decryption Means 4i for the decoder 2i, and 
2) where is the head address thereof, and sends the information 
to Decryption Means 4i. Since then, 4i decodes the encrypted data 
15 of lai and the data would be available. 

When encrypted data 1 is entered in decoder 2j, similarly, laj 
is selected among encrypted data 1 and that would be decoded by 
Decryption Means 4 j . 

20 The index table (INDEX) lb may be spared in a case where each 

of the encrypted data lal to la n is of the same invariable 
size. Further, the index table (INDEX) lb may be spared in a case 
where each header of the encrypted data lal to lan is a distinctive 
pattern that can be identified by other units and further 

25 identification information on the encrypted block is written into 
the distinctive pattern. 

There is a round-robin method with which decryption is tried 
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on all encrypted blocks and any block that is successfully decrypted 
is selected. However, it goes without saying that the decryption 
may not be successful in some cases depending on a combination of 
the encrypted data and decryption means. 
5 According to the present invention, the data lal to lan are 

encrypted using different encryption methods and decrypted by 
independent decryption means, respectively. Therefore, in a case 
where the decoder is produced by multiple companies, these 
manufactures are no longer required to share the secret of the 

10 decryption method. 

As a result, the risk of the leakage of the secret of the 
decryption method is reduced. Furthermore, even if the secret is 
leaked and the use of the encryption method is suspended, it is 
possible to minimize damage since not all decoders need to be 

15 replaced. 

A data supplier can choose any desired encryption method for 
encrypting data from multiple methods. Depending on the choice, 
the data supplier can specify the decoder that can access the data. 
Thus, the data supplier may make the data not to be accessed by 
20 some encryption apparatuses produced by companies with unfavorable 
factors to the data supplier such as a factor that the protection 
of the secret of the encryption is not secure. In consequence, 
manufacturers of the decoder make effort to provide more secure 
protection . 

25 When a public-key cryptosystem is used as the encryption 

method, the encryption key and the decryption key are different, 
and it is virtually impossible to guess the decryption key from 
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the encryption key. Accordingly, in a case where the pair of the 
encryption key and the decryption key are created by the 
manufacturer of the decoder, and where the decryption key is 
enclosed in the decoder and kept as a secret while only the 
5 encryption key is handed to the data supplier, the secrecy of the 
decryption key becomes more easy and secure. 

FIG. 4 is an explanatory diagram of another embodiment system 
of the present invention. 

In FIG. 4, the same numerals as FIG. 3 denote the same 
10 components. Of the numerals only shown in FIG. 4, la denotes 
encrypted data embodiment, lb' denotes an index table (INDEX) 
indicating headers of the encrypted blocks ldl to ldn, lc denotes 
information on means for decrypting the data la, ldl to ldn denote 
encrypted blocks obtained by encrypting lc in different ways, 5i 
15 denotes first decryption means for decrypting the encrypted block 
ldl, and 6i denotes second decryption means for decrypting the 
encryption of the contents of data. 

Operations are described next with reference to a flowchart 
in FIG. 5. 

20 When data 1 is inputted to the decoder 2i, the cipher system 

description means 3i reads the index table (INDEX) lb' . As a result, 
the cipher system description means 3i identifies which block of 
encrypted blocks Idi to ldn can be decrypted using the decryption 
means 5i . If the identified block is ldi, the encrypted block Idi 

25 is read and decrypted in the first decryption means 5i. The 
decryption means information lc for decrypting contents of data 
is thereby acquired and inputted to the second decrypting means 
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6i. Then, the second decryption means 6i reads the data embodiment 
la and decrypts the data embodiment la according to the decryption 
means information lc. 

Performing the encryption in two steps allows employing the 
5 following encryption method at the first step, i.e., for the 
encrypted block obtained by encrypting the data indicating means 
for decrypting the data embodiment, and thereby strengthening the 
security . Specifically, the encryption method is highly secure but 
not suitable for encrypting mass data because it takes a long time 

10 to perform the decryption. 

The encryption of the data embodiment is performed using an 
encryption method with high decryption speed. Even if the 
encryption method is not very secure, the encryption method can 
be set different for each data. The damage of the leakage is thus 

15 relatively small compared with the encryption method of the first 
step. 

When a part of data needs even greater protection, the part 
may not be stored in la like other data and may be stored in ldl 
to ldn with the decryption means data for decrypting the data 
20 embodiment. By adopting such a method, the security can be further 
strengthened. 

In the embodiment in FIG. 3, hardware such as ICs in the 
decoder may previously enclose the internal information needed for 
the cipher system description means 3i to acquire the encrypted 
25 block lai corresponding to its own apparatus from the encrypted 
data 1, and decryption key needed for the decryption means' 4i to 
decrypt the acquired encrypted block lai. The same applies to the 
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cipher system description means 3i and the first decryption means 
5i in the embodiment illustrated in FIG. 4. 

By enclosing the process routine of the cipher system 
description means or the decryption means in ICs or the like in 
5 the decoder, right to use software can be checked or software can 
be decrypted without causing ordinary programs to be aware. 
Alternatively, the process routine may be included in OS while the 
decryption key or the like may be enclosed in ICs or the like in 
the CPU in a manner such that the decryption key may be referred 
10 to by OS. 

[Effects of the Invention] 

As described above, according to the present invention, from 

viewpoint of the manufacturers producing a decoder, the secret of 
15 the decryption key enclosed in the decoder needs to be protected 

only within the company or for each manufacturing apparatus . Thus, 

it is no longer necessary to share the secret of the decryption 

key among the manufacturers producing decoders of the same type. 

Furthermore, it is no longer necessary to let the key be exposed 
20 to the outside of the apparatus in order to deliver the key to 

multiple apparatuses using the same key. 

As a result, the risk of secret leakage is reduced, and the 

reliability on the entire system is improved. Further, cost for 

the secrecy can be reduced, and the decoder can be produced by 
25 multiple companies at their will. As a result, free competition 

is practiced. 

Single data can be encrypted in multiple ways using multiple 
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keys, so that there may be multiple types of the decoders including 
different decryption keys. Therefore, even if a single decryption 
key is leaked and stopped being used, only the decoder corresponding 
to the decryption key needs to be replaced, and not all decoders 
5 need to be replaced. This minimizes the damage. 

The data supplier can specify any decoder that can use the 
data. In consequence, the manufacturers of the decoders make 
effort to provide more secure protection of the encryption method 
and data embodiments in order to let more data suppliers use their 
10 decoders . 

The present invention can be applied to all kinds of 
information that needs protection, e.g., paid computer programs, 
paid video software, credit data in a credit card, and the like. 
The greatest effect of the present invention is the 
15 introduction of competition in the field of data protection in terms 
of quality enhancement and cost reduction. The competition is 
substantially the same as the free competition, which is taken for 
granted in the trading of corporeal products and invokes quality 
enhancement and cost reduction. 

20 

4. Brief Description of the Drawings 

FIG. 1 is a diagram illustrating a basic configuration of the 
present invention. FIG. 2 is a schematic diagram illustrating a 
function of the present invention. FIGS. 3 and 4 are explanatory 
25 diagrams of the different embodiment systems of the present 
invention, respectively. FIG. 5 is a flowchart of the embodiment 
system in FIG. 4. FIG. 6 is an explanatory diagram of the basic 
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data protection. 

In FIG. 1, 1 denotes encrypted data, 2 denotes a decoder 
denotes cipher system description means, and 4 denotes decrypt 
means . 
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